Distributors

A Microsoft manager this week offered IT administrators a way to replicate -- in a fashion -- the security bulletins the company discarded last month.

"If you want a report summarizing today's #MSRC security bulletins, here's a script that uses the MSRC Portal API," John Lambert, general manager of the Microsoft Threat Intelligence Center, said in a Tuesday message on Twitter.

Lambert's tweet linked to code depository GitHub, where he posted a PowerShell script that polled data using a new API (application programming interface). Microsoft made the API available in November when it first announced that it planned to axe the security bulletins it had issued since at least 1998.

The API lets advanced users, typically corporate security and network admins, mine the database that replaced the bulletins. Customers can manually dig information from the database using the Security Updates Guide web portal.

Using PowerShell and the API key, Lambert's script automatically assembled an HTML-formatted document that called out vulnerabilities by CVE (Common Vulnerabilities & Exposures, a widely-used bug identifying system) with listings of which product each flaw affected. The document also organized the bugs by Microsoft's exploitability index and collected all the vulnerabilities each version of software contained.

Some of the information once present in security bulletins, such as bug workarounds and mitigations, was missing from the document. However, those remedies can be retrieved from the database using additional PowerShell code Microsoft published on GitHub.

The script lets users select the time frame of the ensuing document; Lambert's example covered the May 9 security updates. When saved as a PDF, this month's document ran 203 pages.

But even as Lambert pitched the script as a substitute for the defunct bulletins, others reveled in the irony.

"This gives me a great idea: Just put the summary on [Microsoft's] web page. Seemed to work alright the last 15 years or so!" tweeted Mark Dowd, founder of Azimuth Security, in a Twitter reply.

ARN Distributor Directory

ARN Vendor Directory

Slideshows

Opening ice breaker sessions set the scene for EDGE 2017

​EDGE 2017 kicked off with an opening ice breaker session, providing a structured environment for channel executives to form and foster new relationships and business opportunities. Photos by Maria Stefina.​

ARN returns to Melbourne for second running of After Hours

Partners, vendors and distributors came together for the second running of After Hours in Melbourne, designed to further unite the Australian channel through a series of invite-only social events in Victoria. Photos by Raymond Korn.​

A bumper crowd of partners turned out in force for Synnex Alliance 2017 in Melbourne, uncovering the key channel strategies required to deliver on the potential of digital transformation in Australia. An evening of keynote speakers, panel discussions and technology exhibitions assessed the opportunities and challenges of digital at Melbourne Olympic Park, with Sydney next up on August 16. Photos by Raymond Korn.

Copyright 2017 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.